1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  * Copyright 2012 Milan Jurik. All rights reserved.
25  * Copyright 2016 Jason King.  All rights reserved.
26  */
27 
28 #include <cryptoutil.h>
29 
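/*
 * Get the key generation mechanism for the given mechanism.
 *
 * Covers the PKCS #11 v2.20 mechanisms plus a number of later additions
 * (for example CKM_AES_GCM and the CKM_SHA512_224 / CKM_SHA512_256
 * families).  This is a static table lookup: no token is consulted, so a
 * CKR_OK result does not mean any slot actually supports the generator.
 *
 * Arguments:
 *	mech_type	mechanism the caller intends to use
 *	gen_mech	out: mechanism that generates keys (or, for the
 *			*_PARAMETER_GEN entries, domain parameters) for
 *			mech_type
 *
 * Returns:
 *	CKR_OK			*gen_mech has been set
 *	CKR_ARGUMENTS_BAD	gen_mech is a null pointer
 *	CKR_MECHANISM_INVALID	mech_type is not in the table; *gen_mech is
 *				left untouched, so callers must check the
 *				return value before reading it
 *
 * Notes for callers:
 *  - The result may be a key-pair generator (RSA, DSA, DH, EC, KEA,
 *    GOST R 34.10) or a secret-key generator; the caller has to pick
 *    C_GenerateKeyPair() or C_GenerateKey() accordingly.
 *  - No strength policy is applied here.  Legacy ciphers such as DES,
 *    RC2, RC4 and CDMF resolve to their own generators, and the 40-bit
 *    PBE variants resolve to the RC2/RC4 generators; any restriction on
 *    algorithm choice has to be enforced by the caller.
 *  - Unkeyed digests (CKM_MD5, CKM_SHA_1, ...) sit in the same group as
 *    their HMAC forms and resolve to CKM_GENERIC_SECRET_KEY_GEN.
 */
CK_RV
pkcs11_mech2keygen(CK_MECHANISM_TYPE mech_type, CK_MECHANISM_TYPE *gen_mech)
{
	/* Refuse a missing output slot instead of dereferencing it below. */
	if (!gen_mech)
		return (CKR_ARGUMENTS_BAD);

	switch (mech_type) {

	/* PKCS #1 RSA: raw, signature-with-digest, PSS, OAEP and TPM forms */
	case CKM_RSA_PKCS_KEY_PAIR_GEN:
	case CKM_RSA_PKCS:
	case CKM_RSA_9796:
	case CKM_RSA_X_509:
	case CKM_MD2_RSA_PKCS:
	case CKM_MD5_RSA_PKCS:
	case CKM_SHA1_RSA_PKCS:
	case CKM_SHA256_RSA_PKCS:
	case CKM_SHA384_RSA_PKCS:
	case CKM_SHA512_RSA_PKCS:
	case CKM_RSA_PKCS_PSS:
	case CKM_SHA1_RSA_PKCS_PSS:
	case CKM_SHA256_RSA_PKCS_PSS:
	case CKM_SHA384_RSA_PKCS_PSS:
	case CKM_SHA512_RSA_PKCS_PSS:
	case CKM_RIPEMD128_RSA_PKCS:
	case CKM_RIPEMD160_RSA_PKCS:
	case CKM_RSA_PKCS_OAEP:
	case CKM_RSA_PKCS_OAEP_TPM_1_1:
	case CKM_RSA_PKCS_TPM_1_1:
		*gen_mech = CKM_RSA_PKCS_KEY_PAIR_GEN;
		break;

	/* X9.31 RSA has its own key pair generator */
	case CKM_RSA_X9_31_KEY_PAIR_GEN:
	case CKM_RSA_X9_31:
	case CKM_SHA1_RSA_X9_31:
		*gen_mech = CKM_RSA_X9_31_KEY_PAIR_GEN;
		break;

	/* Domain parameter generators map to themselves */
	case CKM_DH_PKCS_PARAMETER_GEN:
		*gen_mech = CKM_DH_PKCS_PARAMETER_GEN;
		break;

	case CKM_DSA_KEY_PAIR_GEN:
	case CKM_DSA:
	case CKM_DSA_SHA1:
	case CKM_DSA_SHA224:
	case CKM_DSA_SHA256:
	case CKM_DSA_SHA384:
	case CKM_DSA_SHA512:
		*gen_mech = CKM_DSA_KEY_PAIR_GEN;
		break;

	case CKM_DSA_PARAMETER_GEN:
		*gen_mech = CKM_DSA_PARAMETER_GEN;
		break;

	case CKM_DSA_PROBABLISTIC_PARAMETER_GEN:
		*gen_mech = CKM_DSA_PROBABLISTIC_PARAMETER_GEN;
		break;

	case CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN:
		*gen_mech = CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN;
		break;

	/* FORTEZZA timestamping is treated as a DSA key user */
	case CKM_FORTEZZA_TIMESTAMP:
		*gen_mech = CKM_DSA_KEY_PAIR_GEN;
		break;

	case CKM_DH_PKCS_KEY_PAIR_GEN:
	case CKM_DH_PKCS_DERIVE:
		*gen_mech = CKM_DH_PKCS_KEY_PAIR_GEN;
		break;

	case CKM_ECDSA:
	case CKM_ECDSA_SHA1:
	case CKM_ECDSA_SHA224:
	case CKM_ECDSA_SHA256:
	case CKM_ECDSA_SHA384:
	case CKM_ECDSA_SHA512:
	case CKM_EC_KEY_PAIR_GEN:
	case CKM_ECDH1_DERIVE:
	case CKM_ECDH1_COFACTOR_DERIVE:
	case CKM_ECMQV_DERIVE:
		*gen_mech = CKM_EC_KEY_PAIR_GEN;
		break;

	case CKM_X9_42_DH_KEY_PAIR_GEN:
	case CKM_X9_42_DH_DERIVE:
	case CKM_X9_42_DH_HYBRID_DERIVE:
	case CKM_X9_42_MQV_DERIVE:
		*gen_mech = CKM_X9_42_DH_KEY_PAIR_GEN;
		break;

	case CKM_X9_42_DH_PARAMETER_GEN:
		*gen_mech = CKM_X9_42_DH_PARAMETER_GEN;
		break;

	case CKM_KEA_KEY_PAIR_GEN:
	case CKM_KEA_KEY_DERIVE:
		*gen_mech = CKM_KEA_KEY_PAIR_GEN;
		break;

	/*
	 * Digests, HMACs and a few password/derivation mechanisms: all are
	 * keyed (where keyed at all) with a generic secret.
	 */
	case CKM_MD2:
	case CKM_MD2_HMAC:
	case CKM_MD2_HMAC_GENERAL:
	case CKM_MD5:
	case CKM_MD5_HMAC:
	case CKM_MD5_HMAC_GENERAL:
	case CKM_SHA_1:
	case CKM_SHA_1_HMAC:
	case CKM_SHA_1_HMAC_GENERAL:
	case CKM_SHA256:
	case CKM_SHA256_HMAC:
	case CKM_SHA256_HMAC_GENERAL:
	case CKM_SHA384:
	case CKM_SHA384_HMAC:
	case CKM_SHA384_HMAC_GENERAL:
	case CKM_SHA512:
	case CKM_SHA512_HMAC:
	case CKM_SHA512_HMAC_GENERAL:
	case CKM_SHA512_224:
	case CKM_SHA512_224_HMAC:
	case CKM_SHA512_224_HMAC_GENERAL:
	case CKM_SHA512_224_KEY_DERIVATION:
	case CKM_SHA512_256:
	case CKM_SHA512_256_HMAC:
	case CKM_SHA512_256_HMAC_GENERAL:
	case CKM_SHA512_256_KEY_DERIVATION:
	case CKM_GENERIC_SECRET_KEY_GEN:
	case CKM_FASTHASH:
	case CKM_PKCS5_PBKD2:
	case CKM_PBA_SHA1_WITH_SHA1_HMAC:
	case CKM_CMS_SIG:
		*gen_mech = CKM_GENERIC_SECRET_KEY_GEN;
		break;

	case CKM_SSL3_MD5_MAC:
	case CKM_SSL3_SHA1_MAC:
	case CKM_SSL3_PRE_MASTER_KEY_GEN:
	case CKM_SSL3_MASTER_KEY_DERIVE:
	case CKM_SSL3_KEY_AND_MAC_DERIVE:
	case CKM_SSL3_MASTER_KEY_DERIVE_DH:
		*gen_mech = CKM_SSL3_PRE_MASTER_KEY_GEN;
		break;

	case CKM_TLS_PRE_MASTER_KEY_GEN:
	case CKM_TLS_MASTER_KEY_DERIVE:
	case CKM_TLS_KEY_AND_MAC_DERIVE:
	case CKM_TLS_MASTER_KEY_DERIVE_DH:
	case CKM_TLS_PRF:
		*gen_mech = CKM_TLS_PRE_MASTER_KEY_GEN;
		break;

	case CKM_WTLS_PRE_MASTER_KEY_GEN:
	case CKM_WTLS_MASTER_KEY_DERIVE:
	case CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC:
	case CKM_WTLS_PRF:
	case CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE:
	case CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE:
		*gen_mech = CKM_WTLS_PRE_MASTER_KEY_GEN;
		break;

	/* Key combination/derivation helpers and RIPEMD digests/HMACs */
	case CKM_CONCATENATE_BASE_AND_KEY:
	case CKM_CONCATENATE_BASE_AND_DATA:
	case CKM_CONCATENATE_DATA_AND_BASE:
	case CKM_XOR_BASE_AND_DATA:
	case CKM_EXTRACT_KEY_FROM_KEY:
	case CKM_RIPEMD128:
	case CKM_RIPEMD128_HMAC:
	case CKM_RIPEMD128_HMAC_GENERAL:
	case CKM_RIPEMD160:
	case CKM_RIPEMD160_HMAC:
	case CKM_RIPEMD160_HMAC_GENERAL:
	case CKM_SHA1_KEY_DERIVATION:
	case CKM_SHA256_KEY_DERIVATION:
	case CKM_SHA384_KEY_DERIVATION:
	case CKM_SHA512_KEY_DERIVATION:
	case CKM_MD5_KEY_DERIVATION:
	case CKM_MD2_KEY_DERIVATION:
	/* not sure the following 2 should be CKK_DES or not */
	case CKM_KEY_WRAP_LYNKS: /* wrap/unwrap secret key w/ DES key */
	case CKM_KEY_WRAP_SET_OAEP:  /* wrap/unwrap DES key w/ RSA key */
		*gen_mech = CKM_GENERIC_SECRET_KEY_GEN;
		break;

	case CKM_RC2_KEY_GEN:
	case CKM_RC2_ECB:
	case CKM_RC2_CBC:
	case CKM_RC2_MAC:
	case CKM_RC2_MAC_GENERAL:
	case CKM_RC2_CBC_PAD:
	case CKM_PBE_SHA1_RC2_128_CBC:
	case CKM_PBE_SHA1_RC2_40_CBC:
		*gen_mech = CKM_RC2_KEY_GEN;
		break;

	case CKM_RC4_KEY_GEN:
	case CKM_RC4:
	case CKM_PBE_SHA1_RC4_128:
	case CKM_PBE_SHA1_RC4_40:
		*gen_mech = CKM_RC4_KEY_GEN;
		break;

	case CKM_DES_KEY_GEN:
	case CKM_DES_ECB:
	case CKM_DES_CBC:
	case CKM_DES_MAC:
	case CKM_DES_MAC_GENERAL:
	case CKM_DES_CBC_PAD:
	case CKM_PBE_MD2_DES_CBC:
	case CKM_PBE_MD5_DES_CBC:
	case CKM_DES_OFB64:
	case CKM_DES_OFB8:
	case CKM_DES_CFB64:
	case CKM_DES_CFB8:
	case CKM_DES_ECB_ENCRYPT_DATA:
	case CKM_DES_CBC_ENCRYPT_DATA:
		*gen_mech = CKM_DES_KEY_GEN;
		break;

	case CKM_DES2_KEY_GEN:
	case CKM_PBE_SHA1_DES2_EDE_CBC:
		*gen_mech = CKM_DES2_KEY_GEN;
		break;

	case CKM_DES3_KEY_GEN:
	case CKM_DES3_ECB:
	case CKM_DES3_CBC:
	case CKM_DES3_MAC:
	case CKM_DES3_MAC_GENERAL:
	case CKM_DES3_CBC_PAD:
	case CKM_PBE_SHA1_DES3_EDE_CBC:
	case CKM_DES3_ECB_ENCRYPT_DATA:
	case CKM_DES3_CBC_ENCRYPT_DATA:
	case CKM_DES3_CMAC:
	case CKM_DES3_CMAC_GENERAL:
		*gen_mech = CKM_DES3_KEY_GEN;
		break;

	case CKM_ACTI:
	case CKM_ACTI_KEY_GEN:
		*gen_mech = CKM_ACTI_KEY_GEN;
		break;

	case CKM_CAST_KEY_GEN:
	case CKM_CAST_ECB:
	case CKM_CAST_CBC:
	case CKM_CAST_MAC:
	case CKM_CAST_MAC_GENERAL:
	case CKM_CAST_CBC_PAD:
	case CKM_PBE_MD5_CAST_CBC:
		*gen_mech = CKM_CAST_KEY_GEN;
		break;

	case CKM_CAST3_KEY_GEN:
	case CKM_CAST3_ECB:
	case CKM_CAST3_CBC:
	case CKM_CAST3_MAC:
	case CKM_CAST3_MAC_GENERAL:
	case CKM_CAST3_CBC_PAD:
	case CKM_PBE_MD5_CAST3_CBC:
		*gen_mech = CKM_CAST3_KEY_GEN;
		break;

	/* CAST5 and CAST128 are the same alg */
	case CKM_CAST5_CBC:
	case CKM_CAST5_CBC_PAD:
	case CKM_CAST5_ECB:
	case CKM_CAST5_KEY_GEN:
	case CKM_CAST5_MAC:
	case CKM_CAST5_MAC_GENERAL:
	case CKM_PBE_MD5_CAST5_CBC:
	case CKM_PBE_SHA1_CAST5_CBC:
		*gen_mech = CKM_CAST5_KEY_GEN;
		break;

	case CKM_RC5_KEY_GEN:
	case CKM_RC5_ECB:
	case CKM_RC5_CBC:
	case CKM_RC5_MAC:
	case CKM_RC5_MAC_GENERAL:
	case CKM_RC5_CBC_PAD:
		*gen_mech = CKM_RC5_KEY_GEN;
		break;

	case CKM_IDEA_KEY_GEN:
	case CKM_IDEA_ECB:
	case CKM_IDEA_CBC:
	case CKM_IDEA_MAC:
	case CKM_IDEA_MAC_GENERAL:
	case CKM_IDEA_CBC_PAD:
		*gen_mech = CKM_IDEA_KEY_GEN;
		break;

	case CKM_SKIPJACK_KEY_GEN:
	case CKM_SKIPJACK_ECB64:
	case CKM_SKIPJACK_CBC64:
	case CKM_SKIPJACK_OFB64:
	case CKM_SKIPJACK_CFB64:
	case CKM_SKIPJACK_CFB32:
	case CKM_SKIPJACK_CFB16:
	case CKM_SKIPJACK_CFB8:
	case CKM_SKIPJACK_WRAP:
	case CKM_SKIPJACK_PRIVATE_WRAP:
	case CKM_SKIPJACK_RELAYX:
		*gen_mech = CKM_SKIPJACK_KEY_GEN;
		break;

	case CKM_BATON_KEY_GEN:
	case CKM_BATON_ECB128:
	case CKM_BATON_ECB96:
	case CKM_BATON_CBC128:
	case CKM_BATON_COUNTER:
	case CKM_BATON_SHUFFLE:
	case CKM_BATON_WRAP:
		*gen_mech = CKM_BATON_KEY_GEN;
		break;

	case CKM_JUNIPER_KEY_GEN:
	case CKM_JUNIPER_ECB128:
	case CKM_JUNIPER_CBC128:
	case CKM_JUNIPER_COUNTER:
	case CKM_JUNIPER_SHUFFLE:
	case CKM_JUNIPER_WRAP:
		*gen_mech = CKM_JUNIPER_KEY_GEN;
		break;

	case CKM_CDMF_KEY_GEN:
	case CKM_CDMF_ECB:
	case CKM_CDMF_CBC:
	case CKM_CDMF_MAC:
	case CKM_CDMF_MAC_GENERAL:
	case CKM_CDMF_CBC_PAD:
		*gen_mech = CKM_CDMF_KEY_GEN;
		break;

	case CKM_AES_KEY_GEN:
	case CKM_AES_ECB:
	case CKM_AES_CBC:
	case CKM_AES_MAC:
	case CKM_AES_MAC_GENERAL:
	case CKM_AES_CBC_PAD:
	case CKM_AES_ECB_ENCRYPT_DATA:
	case CKM_AES_CBC_ENCRYPT_DATA:
	case CKM_AES_CCM:
	case CKM_AES_CFB1:
	case CKM_AES_CFB128:
	case CKM_AES_CFB64:
	case CKM_AES_CFB8:
	case CKM_AES_CMAC:
	case CKM_AES_CMAC_GENERAL:
	case CKM_AES_CTR:
	case CKM_AES_CTS:
	case CKM_AES_GCM:
	case CKM_AES_GMAC:
	case CKM_AES_KEY_WRAP:
	case CKM_AES_KEY_WRAP_PAD:
	case CKM_AES_OFB:
	case CKM_AES_XCBC_MAC:
	case CKM_AES_XCBC_MAC_96:
		*gen_mech = CKM_AES_KEY_GEN;
		break;

	case CKM_BLOWFISH_KEY_GEN:
	case CKM_BLOWFISH_CBC:
	case CKM_BLOWFISH_CBC_PAD:
		*gen_mech = CKM_BLOWFISH_KEY_GEN;
		break;

	case CKM_TWOFISH_KEY_GEN:
	case CKM_TWOFISH_CBC:
		*gen_mech = CKM_TWOFISH_KEY_GEN;
		break;

	case CKM_CAMELLIA_CBC:
	case CKM_CAMELLIA_CBC_ENCRYPT_DATA:
	case CKM_CAMELLIA_CBC_PAD:
	case CKM_CAMELLIA_CTR:
	case CKM_CAMELLIA_ECB:
	case CKM_CAMELLIA_ECB_ENCRYPT_DATA:
	case CKM_CAMELLIA_KEY_GEN:
	case CKM_CAMELLIA_MAC:
	case CKM_CAMELLIA_MAC_GENERAL:
		*gen_mech = CKM_CAMELLIA_KEY_GEN;
		break;

	case CKM_ARIA_CBC:
	case CKM_ARIA_CBC_ENCRYPT_DATA:
	case CKM_ARIA_CBC_PAD:
	case CKM_ARIA_ECB:
	case CKM_ARIA_ECB_ENCRYPT_DATA:
	case CKM_ARIA_KEY_GEN:
	case CKM_ARIA_MAC:
	case CKM_ARIA_MAC_GENERAL:
		*gen_mech = CKM_ARIA_KEY_GEN;
		break;

	case CKM_GOST28147:
	case CKM_GOST28147_ECB:
	case CKM_GOST28147_KEY_GEN:
	case CKM_GOST28147_KEY_WRAP:
	case CKM_GOST28147_MAC:
		*gen_mech = CKM_GOST28147_KEY_GEN;
		break;

	case CKM_GOSTR3410:
	case CKM_GOSTR3410_DERIVE:
	case CKM_GOSTR3410_KEY_PAIR_GEN:
	case CKM_GOSTR3410_KEY_WRAP:
	case CKM_GOSTR3410_WITH_GOSTR3411:
		*gen_mech = CKM_GOSTR3410_KEY_PAIR_GEN;
		break;

	case CKM_HOTP:
	case CKM_HOTP_KEY_GEN:
		*gen_mech = CKM_HOTP_KEY_GEN;
		break;

	case CKM_SECURID:
	case CKM_SECURID_KEY_GEN:
		*gen_mech = CKM_SECURID_KEY_GEN;
		break;

	case CKM_SEED_CBC:
	case CKM_SEED_CBC_ENCRYPT_DATA:
	case CKM_SEED_CBC_PAD:
	case CKM_SEED_ECB:
	case CKM_SEED_ECB_ENCRYPT_DATA:
	case CKM_SEED_KEY_GEN:
	case CKM_SEED_MAC:
	case CKM_SEED_MAC_GENERAL:
		*gen_mech = CKM_SEED_KEY_GEN;
		break;

	/* Unknown or vendor-defined mechanism: *gen_mech is not written. */
	default:
		return (CKR_MECHANISM_INVALID);
	}

	return (CKR_OK);
}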